"Nicolás A. Ortega" <[email protected]> writes:

> My proposal is the following: when someone brings up a freedom issue (or
> even privacy, for that matter) they should also link to the information
> that led them to this conclusion; once we see that these links have
> something behind them (a quick skim through the links) we can put in
> place the temporary quarantine of the package. After this point all
> information regarding the freedom issues with the package should be
> concentrated in one place (public place where everyone can see it) and a
> more thorough investigation of the matter (finding exact files that are
> non-free) should take place. If no actual evidence is found or the
> evidence has *all* been countered after X amount of time (I think a
> month or two should do) then the package is taken out of quarantine
> until more concrete evidence can be found. If evidence is found and
> cannot be countered then the package is labelled permanently as non-free
> until either upstream fixes the freedom issues (which *should be
> reported to upstream when found*) or we create a -libre package for it.
>
> The most important thing I want to be taken away from this is that
> information on the freedom issues of a package should be *easily
> available*. I shouldn't have to be asking absolutely everyone in the
> community who has the actual links so I can verify for my own eyes.
> What's more, the more eyes we have on the issue the more information we
> can obtain and the faster we can solve things.
>
> I brought up the qt5-webengine issue as an example, I did not send this
> e-mail to talk about it directly but something I noticed as a
> consequence of it. So please let's not make this thread about that
> (since I can see it coming).
>
> With a policy similar to this I believe we'll be able to handle these
> freedom issues in a much more orderly, organized, and effective manner.

+1

would you open a pad? then it can be put on the wiki.

contacting/involving upstream should be a requisite too, in the past we've failed to do so and i remember one case where they contacted us about it. it was about syslog-ng documentation license, which at the time of blacklisting was cc-by-sa-nc (iirc) and it was going to be changed to cc-by-sa (which i guess they did, because i see syslog-ng in repos now).

--
http://utopia.partidopirata.com.ar/
_______________________________________________
Dev mailing list
[email protected]
https://lists.parabola.nu/mailman/listinfo/dev
